A physique representing threat managers throughout Europe has warned cyber insurance coverage might change into an “unviable product” for firms as considerations develop over insurers failing to cowl massive state-backed assaults.
The Federation of European Risk Management Associations, an umbrella physique representing 22 commerce associations, stated the cyber insurance coverage market is “evolving in isolation from the industries it serves”.
It highlighted a transfer by Lloyd’s of London, the specialist insurance coverage market and hub for cyber insurance coverage, demanding that customary cyber insurance policies have an exemption for large state-backed assaults.
“Without a more collaborative approach to cyber balancing the risk appetite of the insurance market with the coverage requirements of the corporate buyers, there is a risk that cyber insurance becomes an unviable product for many organisations,” Ferma stated in a press release shared with the Financial Times.
The intervention is the strongest but by the enterprise foyer over the controversial exemption and wider considerations about cyber insurance coverage.
Last month, the Financial Times revealed that Bank of America was among the many high-profile teams that had expressed considerations on to Lloyd’s on its new requirement.
Ferma stated the Lloyd’s transfer “highlights growing concerns about the overall value and sustainability of the cyber insurance product from the corporate perspective”, significantly for large companies.
It referred to as for “constructive dialogue” between all events within the insurance coverage market — together with insurers, brokers, company patrons and regulators — and an annual COP-style occasion on cyber resilience.
“Why pay what some consider expensive premiums for increasingly limited coverage when further investment in cyber security is viewed as a more effective way of managing the risk?” stated Philippe Cotelle, Ferma’s deputy president and head of insurance coverage administration at jet producer Airbus’s defence and house division.
Defending its marketwide requirement, Lloyd’s stated it “did not take this decision lightly and is committed to it”, including: “Our response ensures we maintain an adequately capitalised market for manageable events, while providing clarity for customers on emerging political risks.”
It careworn that the brand new rule allowed for separate add-on insurance policies to be introduced ahead overlaying massive state-backed assaults, and that some had been being developed.
Cyber insurers say the fears about coverage gaps are overplayed.
James Burns, head of cyber technique at insurer CFC, stated final month that the Lloyd’s mandate had “been consistently misrepresented as a requirement to exclude all nation state attacks”.
The requirement, he wrote in a LinkedIn publish, was solely “to exclude attacks that are so catastrophic in nature that they destroy a nation’s ability to function. Think the digital equivalent of a nuclear strike”.
Critics say ambiguity over exclusions — Lloyd’s described assaults that present a “significant impairment to state infrastructure”, a hotly debated which means — will open the best way to insurer challenges and expensive authorized battles.
In some instances, insurers have sought to keep away from paying claims linked to the 2017 NotPetya assault, which was blamed on the Russian authorities, on the idea that it was a “warlike” act.